<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util = "http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
           ">

	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		
		<!-- define application-specific urls -->
		<property name="loginUrl" value="/login_default.jsp" />
		<property name="unauthorizedUrl" value="/unauthorized.jsp"/>
		<!-- default su ccess url  -->
		<property name="successUrl" value="/apps/km/index.htm"  />
		
		
		<property name="filters">
			<util:map>
				<entry key="urlFilter" value-ref="urlFilter" />
				<entry key="casFilter" value-ref="casFilter" />
			</util:map>
		</property>

		<property name="filterChainDefinitions">
			<value>
				# some example chain definitions:
				# /login.act = casFilter,  user
				/apps/** =  casFilter , user , urlFilter 
				/data/upload/** = casFilter, user
				/data/resource/** = casFilter, user
			</value>
		</property>
	</bean>


	<!-- Define any javax.servlet.Filter beans you want anywhere in this application context.   -->
	<!-- They will automatically be acquired by the 'shiroFilter' bean above and made available -->
	<!-- to the 'filterChainDefinitions' property.  Or you can manually/explicitly add them     -->
	<!-- to the shiroFilter's 'filters' Map if desired. See its JavaDoc for more details.       -->
	<bean id="urlFilter" class="org.vsg.security.filter.UrlAuthorizationFilter">
		<property name="servletName" value="action" />
	</bean>
	
	<bean id="casFilter" class="edu.gtcfla.km.platform.appmodules.web.filter.EduCasFilter">
		<property name="failureUrl" value="/error.jsp"></property>
	</bean>	
	
	<!-- support CAS fileter -->
 	<!-- 
	<bean id="authenticationRealm" 
		class="edu.gtcfla.km.security.realm.AccountUserAuthenticatingRealm">
		 -->


	<bean id="casRealm" 
		class="edu.gtcfla.km.security.realm.CasUserAuthenticatingRealm">
		
		<property name="authenticationTokenClass" value="edu.gtcfla.km.security.token.CasUserToken" />
		<property name="credentialsMatcher">
			<bean class="edu.gtcfla.km.security.credential.CasCredenialMatcher" />
		</property>

		<!-- 	
		<property name="permissionCheckerSet">
			<util:set>
				<ref bean="purlChecker" />
				<ref bean="menuChecker" />
				<ref bean="urlChecker" />
			</util:set>
		</property>
		 -->
	</bean>
	
	



	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realms">
			<util:list>
				<ref bean="casRealm"/>
				 <!-- 
				<ref bean="authenticationRealm"/>
				 -->
			</util:list>
		</property>
		<property name="cacheManager" ref="cacheManager" />
		<property name="sessionManager" ref="sessionManager" />

	</bean>
	
	<!-- build cache manager  -->
	<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
	</bean>

	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>

	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    	<property name="securityManager" ref="securityManager"/>
	</bean>
	
	<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
	
	</bean>
	
</beans>